Ever heard of a “pig butchering” scam? Or a DDoS attack so massive it’d make your head spin? This week’s cybersecurity roundup has it all – from government crackdowns to stealthy malware, and even a splash of app store mischief.
Get in the loop before it’s too late!
⚡ Threat of the Week ⚡
Double Trouble: Evil Corp & LockBit Takedown
In a major win for law enforcement, a coalition of international agencies moved to arrest four individuals and dismantle nine servers connected to the LockBit (a.k.a. Bitwise Spider) ransomware group. At the same time, they exposed Russian national Aleksandr Ryzhenkov, a high-ranking member of the infamous Evil Corp cybercrime gang and a LockBit affiliate. To cap it off, 16 individuals linked to Evil Corp have been slapped with sanctions by the U.K.
DoJ & Microsoft Seize 100+ Russian Hacker Domains: The U.S. Department of Justice (DoJ) and Microsoft announced they have seized 107 internet domains operated by a Russian state-sponsored threat group known as COLDRIVER. These domains were used to conduct credential harvesting campaigns targeting NGOs, think tanks, government employees, and military/intelligence officials.
Record-Breaking 3.8 Tbps DDoS Attack: Cloudflare reported it successfully thwarted a massive distributed denial-of-service (DDoS) attack that reached a peak of 3.8 terabits per second (Tbps) and lasted for 65 seconds. This attack is part of a larger wave of more than 100 hyper-volumetric L3/L4 DDoS attacks aimed at the financial services, internet, and telecom sectors since early September 2024. No attribution to a specific group has yet been made.
North Korean Hackers Unleash New VeilShell Trojan: A North Korean-linked adversary, APT37, has been identified as the actor behind a covert campaign targeting Cambodia and other Southeast Asian nations. The group deployed a previously undocumented backdoor and remote access trojan (RAT) dubbed VeilShell, likely distributed through sophisticated spear-phishing emails.
Fake Trading Apps on Apple and Google Stores: Scammers behind a “pig butchering” fraud campaign have exploited fake trading apps on both the Apple App Store and Google Play Store, alongside phishing websites, to defraud victims. These fraudulent apps, no longer available for download, primarily targeted users in the Asia-Pacific, Europe, Middle East, and Africa regions. Additionally, Gizmodo revealed that users of Truth Social lost hundreds of thousands of dollars to similar scams.
700,000+ DrayTek Routers Vulnerable to Remote Attacks: Over 700,000 residential and enterprise routers manufactured by DrayTek are vulnerable to exploitation due to 14 security flaws (collectively named DRAY:BREAK). Following responsible disclosure, patches have been released to address these vulnerabilities, which, if left unpatched, could allow attackers to take control of affected devices.
Around the Cyber World 🔎
Salt Typhoon Hackers Breach AT&T, Verizon, and Lumen Networks: Chinese state-sponsored hackers, known as Salt Typhoon, infiltrated the networks of U.S. telecom giants AT&T, Verizon, and Lumen Networks. They allegedly accessed sensitive information tied to court-authorized network wiretapping systems, which handle vast amounts of data, including traffic from millions of American consumer and business customers, according to The Wall Street Journal.
U.S. and U.K. Issue Warnings on Iranian Spear-Phishing Campaigns: Iranian state-affiliated threat actors linked to the Islamic Revolutionary Guard Corps (IRGC) have been conducting spear-phishing operations targeting individuals connected to Iranian and broader Middle Eastern affairs. The attackers use social engineering to gain victims’ trust and then direct them via malicious links to fake login pages that steal credentials, often including two-factor authentication (2FA) codes.
NIST NVD Backlog Hits 18,000+ Unanalyzed CVEs: The National Institute of Standards and Technology (NIST) is facing a significant backlog in processing vulnerabilities. As of September 21, 2024, over 18,000 Common Vulnerabilities and Exposures (CVEs) remain unanalyzed in the National Vulnerability Database (NVD). Notably, 46.7% of Known Exploited Vulnerabilities (KEVs) also remain unanalyzed, amid an influx of over 25,000 new CVEs since February 2024, when NIST scaled back its updates.
Major RPKI Flaws Compromise BGP Defense: A German research team has uncovered critical security flaws in current implementations of Resource Public Key Infrastructure (RPKI), a cryptographic security layer for the Border Gateway Protocol (BGP). These vulnerabilities include denial-of-service, authentication bypass, cache poisoning, and even remote code execution, potentially undermining the security of global internet routing.
Telegram’s Data Policy Shift Prompts Cybercriminal Exodus to Alternatives: Telegram’s recent shift toward sharing user data (such as IP addresses and phone numbers) with authorities under valid legal requests is driving cybercriminals to explore alternative apps. Notably, the Bl00dy ransomware group announced it would be “quitting Telegram,” while other groups like Al Ahad, Moroccan Cyber Aliens, and RipperSec considered moves to platforms like Signal, Discord, Jabber, and Tox. However, some of these alternatives lack Telegram’s bot support, API integration, and extensive group messaging capabilities. Despite the concerns, Telegram CEO Pavel Durov downplayed the shift, noting that the platform has shared user data with law enforcement since 2018 and citing compliance with hundreds of legal requests in countries like Brazil and India as examples.
🔥 Cybersecurity Resources & Insights
📅 LIVE Webinars
Modernization of Authentication: Passwords vs. Passwordless and MFA
Are your passwords really enough to stay secure? Join us as we delve into the future of authentication and explore the shift to passwordless technologies, alongside the vital role that Multi-Factor Authentication (MFA) plays in enhancing your cybersecurity posture. Don’t miss out—get ahead of the next big transformation in authentication strategies!
🧑💼 Ask the Expert
Q: How can organizations reduce compliance costs while strengthening their security measures?
A: Reducing compliance-related expenditures while bolstering security is possible with the thoughtful use of modern technology and strategic frameworks. Here are key steps to consider:
- Adopt comprehensive security frameworks, such as NIST CSF or ISO 27001, to meet multiple regulatory requirements with fewer audits.
- Focus on high-risk areas using methodologies like FAIR, ensuring critical threats receive primary attention.
- Automate compliance audits with platforms like Splunk or IBM QRadar and leverage AI for rapid threat detection.
- Streamline your security stack by consolidating tools under platforms like Microsoft 365 Defender to lower costs and ease management.
- Use cloud services from trusted providers like AWS or Azure, which come with built-in compliance and can reduce infrastructure expenses.
- Strengthen your workforce with ongoing, interactive security training, fostering a culture of cybersecurity awareness.
- Automate documentation through systems like ServiceNow GRC to simplify compliance reporting.
- Implement a Zero Trust approach with measures like micro-segmentation and continuous identity verification to secure your environment further.
- Proactively monitor your networks with vulnerability scanning tools like Tenable.io to address risks before they evolve into larger issues.
By adopting these practices, you can decrease the cost of compliance while simultaneously enhancing security resilience.
🔧 Cybersecurity Tools
capa Explorer Web
This browser-based tool allows you to conveniently investigate the capabilities identified by capa, an open-source tool developed by the FLARE team. It enables you to analyze and visualize capa’s results straight from your web browser, making it easier to triage unknown executables, guide reverse engineering efforts, and detect malware. capa expedites security processes by identifying program capabilities embedded in executable files.
Ransomware Tool Matrix
An evergreen compilation of tools frequently leveraged by ransomware and extortion groups. By keeping track of the cybercriminals’ favorite tools, you can fine-tune threat-hunting efforts, improve incident response capabilities, and simulate their behavior during security drills. Use insights from this matrix to spot patterns in attack methodologies and craft more robust defenses.
🔒 Tip of the Week
Create an “Ingredients List” for Your Software
Think of your software as a recipe composed of various “ingredients” like third-party modules and open-source libraries. By maintaining a Software Bill of Materials (SBOM), you’ll have a precise list of these components, enabling you to respond quickly if vulnerabilities crop up. Regularly updating your SBOM and integrating it into your development cycle can greatly reduce hidden risks, ensure regulatory compliance, and help you build credibility through increased transparency. Educate your team about the importance of tracking software components, and you’ll be better prepared to mitigate threats in the future.
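As an added illustration of how an SBOM pays off when a vulnerability is announced (example code written for this roundup, not from the page or any named project): it reads a constructed CycloneDX-style SBOM and flags every component whose version is below the first fixed version in a constructed advisory list. The package names, versions and advisory ids are placeholders.

```python
import json

# Constructed CycloneDX-style SBOM; component names and versions are hypothetical.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http", "version": "2.4.1",
     "purl": "pkg:pypi/example-http@2.4.1"},
    {"type": "library", "name": "example-yaml", "version": "5.1",
     "purl": "pkg:pypi/example-yaml@5.1"},
    {"type": "library", "name": "example-crypto", "version": "41.0.0",
     "purl": "pkg:pypi/example-crypto@41.0.0"}
  ]
}
"""

# Constructed advisory feed: affected package, first fixed version, placeholder id.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "name": "example-http", "fixed_in": "2.5.0"},
    {"id": "ADV-PLACEHOLDER-2", "name": "example-yaml", "fixed_in": "5.1"},
    {"id": "ADV-PLACEHOLDER-3", "name": "example-crypto", "fixed_in": "40.0.1"},
]

def parse_version(v):
    # "2.4.1" -> (2, 4, 1); non-numeric segments are ignored in this example.
    return tuple(int(p) for p in v.split(".") if p.isdigit())

def load_components(sbom_json):
    # Pull (name, version) pairs out of the SBOM's component list.
    bom = json.loads(sbom_json)
    return [(c["name"], c["version"]) for c in bom.get("components", [])]

def find_affected(components, advisories):
    """Return (name, version, advisory id) for components older than the fix."""
    hits = []
    for name, version in components:
        for adv in advisories:
            if adv["name"] == name and parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append((name, version, adv["id"]))
    return hits

if __name__ == "__main__":
    for name, version, adv_id in find_affected(load_components(SBOM_JSON), ADVISORIES):
        print(f"{name}=={version} is affected by {adv_id}")
```

Only example-http is reported: example-yaml is already at the fixed version and example-crypto is newer than the fix, which is exactly the triage an up-to-date SBOM lets you do in seconds.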
📝 Conclusion
This week highlighted the ever-present nature of cyber threats, often lurking in the most unsuspecting places—within apps and networks we’ve come to trust. The key takeaway? Stay vigilant and question everything. As the landscape continues to evolve, keep fostering a curious mindset and build a routine of continuous learning. Together, we can stay ahead of the bad actors.
Until next time—stay secure and be prepared!